Server domain names


(Charles Flèche) #1

Hi everyone,

We are going to equip a remote medics team with satellite connections so they
can send their forms directly from the field. As sat connectivity tends to be
expensive, we usually block everything and whitelist the few necessary domains
/ servers only.

Looking at CommCareODK settings I gathered this list:

Did I forgot something ?

Many thanks,

Charles


(Sheel Shah) #2

Hey Charles,

You’ll need to make sure you’re opening https://www.commcarehq.org. If
easier, the IP address is 184.106.20.213 (though that can change).
For a project I’ve done this for, we also opened access to the Google
Servers - this was to allow for application updates to CommCare. Opening
Whatsapp might also be useful, depending on how much communication you need
to do with the mobile teams.

-s

··· On Thu, Jul 9, 2015 at 11:18 PM, Charles Flèche wrote:

Hi everyone,

We are going to equip a remote medics team with satellite connections so
they
can send their forms directly from the field. As sat connectivity tends to
be
expensive, we usually block everything and whitelist the few necessary
domains
/ servers only.

Looking at CommCareODK settings I gathered this list:

Did I forgot something ?

Many thanks,

Charles


You received this message because you are subscribed to the Google Groups
"commcare-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to commcare-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Sheel Shah
Project Manager | Dimagi
m: +1.781.428.5419 | skype: sheel_shah


(Charles Flèche) #3

Good point, thanks Sheel.

··· On Thursday, July 09, 2015 11:35:55 PM Sheel Shah wrote: > Hey Charles, > > You'll need to make sure you're opening *https*://www.commcarehq.org. If > easier, the IP address is 184.106.20.213 (though that can change). > For a project I've done this for, we also opened access to the Google > Servers - this was to allow for application updates to CommCare. Opening > Whatsapp might also be useful, depending on how much communication you need > to do with the mobile teams. > > -s > > On Thu, Jul 9, 2015 at 11:18 PM, Charles Flèche wrote: > > Hi everyone, > > > > We are going to equip a remote medics team with satellite connections so > > they > > can send their forms directly from the field. As sat connectivity tends to > > be > > expensive, we usually block everything and whitelist the few necessary > > domains > > / servers only. > > > > Looking at CommCareODK settings I gathered this list: > > - www.commcarehq.org > > - pact.dimagi.com > > > > Did I forgot something ? > > > > Many thanks, > > > > Charles > > > > -- > > You received this message because you are subscribed to the Google Groups > > "commcare-users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to commcare-users+unsubscribe@googlegroups.com. > > For more options, visit https://groups.google.com/d/optout.

(Cory Zue) #4

fyi pact.dimagi.com is just a redirect to commcare hq and that’s just a
legacy project support so fine not to worry about it.

definitely recommend using DNS and not IP since we do move our proxy
servers around.

··· On Fri, Jul 10, 2015 at 5:50 AM, Charles Flèche wrote:

Good point, thanks Sheel.

On Thursday, July 09, 2015 11:35:55 PM Sheel Shah wrote:

Hey Charles,

You’ll need to make sure you’re opening https://www.commcarehq.org.
If
easier, the IP address is 184.106.20.213 (though that can change).
For a project I’ve done this for, we also opened access to the Google
Servers - this was to allow for application updates to CommCare. Opening
Whatsapp might also be useful, depending on how much communication you
need
to do with the mobile teams.

-s

On Thu, Jul 9, 2015 at 11:18 PM, Charles Flèche < mhealth-myanmar@tsfi.org> wrote:

Hi everyone,

We are going to equip a remote medics team with satellite connections
so

they
can send their forms directly from the field. As sat connectivity
tends to

be
expensive, we usually block everything and whitelist the few necessary
domains
/ servers only.

Looking at CommCareODK settings I gathered this list:

Did I forgot something ?

Many thanks,

Charles


You received this message because you are subscribed to the Google
Groups

“commcare-users” group.
To unsubscribe from this group and stop receiving emails from it, send
an

email to commcare-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups
"commcare-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to commcare-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(Charles Flèche) #5

Turns out that the sat equipment firewall has only IP-based filter rules… Does
Dimagi have a range a IP we could whitelist ?

Thanks,

Charles

··· On Friday, July 10, 2015 09:43:26 AM Cory Zue wrote: > fyi pact.dimagi.com is just a redirect to commcare hq and that's just a > legacy project support so fine not to worry about it. > > definitely recommend using DNS and not IP since we do move our proxy > servers around. > > > On Fri, Jul 10, 2015 at 5:50 AM, Charles Flèche wrote: > > Good point, thanks Sheel. > > > > On Thursday, July 09, 2015 11:35:55 PM Sheel Shah wrote: > > > Hey Charles, > > > > > > You'll need to make sure you're opening *https*://www.commcarehq.org. > > > > If > > > > > easier, the IP address is 184.106.20.213 (though that can change). > > > For a project I've done this for, we also opened access to the Google > > > Servers - this was to allow for application updates to CommCare. Opening > > > Whatsapp might also be useful, depending on how much communication you > > > > need > > > > > to do with the mobile teams. > > > > > > -s > > > > > > On Thu, Jul 9, 2015 at 11:18 PM, Charles Flèche < mhealth-myanmar@tsfi.org> wrote: > > > > Hi everyone, > > > > > > > > We are going to equip a remote medics team with satellite connections > > > > so > > > > > > they > > > > can send their forms directly from the field. As sat connectivity > > > > tends to > > > > > > be > > > > expensive, we usually block everything and whitelist the few necessary > > > > domains > > > > / servers only. > > > > > > > > Looking at CommCareODK settings I gathered this list: > > > > - www.commcarehq.org > > > > - pact.dimagi.com > > > > > > > > Did I forgot something ? > > > > > > > > Many thanks, > > > > > > > > Charles > > > > > > > > -- > > > > You received this message because you are subscribed to the Google > > > > Groups > > > > > > "commcare-users" group. > > > > To unsubscribe from this group and stop receiving emails from it, send > > > > an > > > > > > email to commcare-users+unsubscribe@googlegroups.com. > > > > For more options, visit https://groups.google.com/d/optout. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "commcare-users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to commcare-users+unsubscribe@googlegroups.com. > > For more options, visit https://groups.google.com/d/optout.

(Cory Zue) #6

Hey Charles,

We don’t have a blanket list of IPs since we are on cloud hosting and
frequently spin up/down new machines (and are weighing the possibility of
changing host providers at some point in the future).

For now I would whitelist our main proxy server IP: 184.106.20.213 as well
as our failover: 50.57.29.63.

It is not common that we would change the setup, though it does happen. We
will try and keep this list informed if we are planning any infrastructure
changes in the future.

Cory

··· On Fri, Jul 10, 2015 at 11:40 AM, Charles Flèche wrote:

Turns out that the sat equipment firewall has only IP-based filter rules…
Does
Dimagi have a range a IP we could whitelist ?

Thanks,

Charles

On Friday, July 10, 2015 09:43:26 AM Cory Zue wrote:

fyi pact.dimagi.com is just a redirect to commcare hq and that’s just a
legacy project support so fine not to worry about it.

definitely recommend using DNS and not IP since we do move our proxy
servers around.

On Fri, Jul 10, 2015 at 5:50 AM, Charles Flèche < mhealth-myanmar@tsfi.org> wrote:

Good point, thanks Sheel.

On Thursday, July 09, 2015 11:35:55 PM Sheel Shah wrote:

Hey Charles,

You’ll need to make sure you’re opening https://www.commcarehq.org
.

If

easier, the IP address is 184.106.20.213 (though that can change).
For a project I’ve done this for, we also opened access to the Google
Servers - this was to allow for application updates to CommCare.
Opening

Whatsapp might also be useful, depending on how much communication
you

need

to do with the mobile teams.

-s

On Thu, Jul 9, 2015 at 11:18 PM, Charles Flèche < mhealth-myanmar@tsfi.org> wrote:

Hi everyone,

We are going to equip a remote medics team with satellite
connections

so

they
can send their forms directly from the field. As sat connectivity

tends to

be
expensive, we usually block everything and whitelist the few
necessary

domains
/ servers only.

Looking at CommCareODK settings I gathered this list:

Did I forgot something ?

Many thanks,

Charles


You received this message because you are subscribed to the Google

Groups

“commcare-users” group.
To unsubscribe from this group and stop receiving emails from it,
send

an

email to commcare-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google
Groups

“commcare-users” group.
To unsubscribe from this group and stop receiving emails from it, send
an

email to commcare-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups
"commcare-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to commcare-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(Charles Flèche) #7

Fantastic, thanks Cory. Turns out that we are in talk with the sat equipment
companies to add a Domain Name filter in their firmwares, but there is no ETA
on their side…

Thanks again,

Charles

··· On Friday, July 10, 2015 11:57:29 AM Cory Zue wrote: > Hey Charles, > > We don't have a blanket list of IPs since we are on cloud hosting and > frequently spin up/down new machines (and are weighing the possibility of > changing host providers at some point in the future). > > For now I would whitelist our main proxy server IP: 184.106.20.213 as well > as our failover: 50.57.29.63. > > It is not common that we would change the setup, though it does happen. We > will try and keep this list informed if we are planning any infrastructure > changes in the future. > > Cory > > On Fri, Jul 10, 2015 at 11:40 AM, Charles Flèche wrote: > > Turns out that the sat equipment firewall has only IP-based filter rules… > > Does > > Dimagi have a range a IP we could whitelist ? > > > > Thanks, > > > > Charles > > > > On Friday, July 10, 2015 09:43:26 AM Cory Zue wrote: > > > fyi pact.dimagi.com is just a redirect to commcare hq and that's just a > > > legacy project support so fine not to worry about it. > > > > > > definitely recommend using DNS and not IP since we do move our proxy > > > servers around. > > > > > > > > > On Fri, Jul 10, 2015 at 5:50 AM, Charles Flèche < mhealth-myanmar@tsfi.org> wrote: > > > > Good point, thanks Sheel. > > > > > > > > On Thursday, July 09, 2015 11:35:55 PM Sheel Shah wrote: > > > > > Hey Charles, > > > > > > > > > > You'll need to make sure you're opening *https*://www.commcarehq.org > > > > . > > > > > > If > > > > > > > > > easier, the IP address is 184.106.20.213 (though that can change). > > > > > For a project I've done this for, we also opened access to the > > > > > Google > > > > > Servers - this was to allow for application updates to CommCare. > > > > Opening > > > > > > > Whatsapp might also be useful, depending on how much communication > > > > you > > > > > > need > > > > > > > > > to do with the mobile teams. > > > > > > > > > > -s > > > > > > > > > > On Thu, Jul 9, 2015 at 11:18 PM, Charles Flèche < mhealth-myanmar@tsfi.org> wrote: > > > > > > Hi everyone, > > > > > > > > > > > > We are going to equip a remote medics team with satellite > > > > connections > > > > > > so > > > > > > > > > > they > > > > > > can send their forms directly from the field. As sat connectivity > > > > > > > > tends to > > > > > > > > > > be > > > > > > expensive, we usually block everything and whitelist the few > > > > necessary > > > > > > > > domains > > > > > > / servers only. > > > > > > > > > > > > Looking at CommCareODK settings I gathered this list: > > > > > > - www.commcarehq.org > > > > > > - pact.dimagi.com > > > > > > > > > > > > Did I forgot something ? > > > > > > > > > > > > Many thanks, > > > > > > > > > > > > Charles > > > > > > > > > > > > -- > > > > > > You received this message because you are subscribed to the Google > > > > > > > > Groups > > > > > > > > > > "commcare-users" group. > > > > > > To unsubscribe from this group and stop receiving emails from it, > > > > send > > > > > > an > > > > > > > > > > email to commcare-users+unsubscribe@googlegroups.com. > > > > > > For more options, visit https://groups.google.com/d/optout. > > > > > > > > -- > > > > You received this message because you are subscribed to the Google > > > > Groups > > > > > > "commcare-users" group. > > > > To unsubscribe from this group and stop receiving emails from it, send > > > > an > > > > > > email to commcare-users+unsubscribe@googlegroups.com. > > > > For more options, visit https://groups.google.com/d/optout. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "commcare-users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to commcare-users+unsubscribe@googlegroups.com. > > For more options, visit https://groups.google.com/d/optout.

(Macky M) #8

Dear Support,

Are these information still up to date?
We need to restrict mobile data to CommCare server addresses only.

Best regards,


(Danny Roberts) #9

Hi Macky M,

Thanks for asking. This information is no longer up to date. Since the original exchange in this thread, we have moved our servers, and www.commcarehq.org now points to 100.24.216.221.

@Charles_Fleche1 this may interest you as well.

Cheers,
Danny


(Macky M) #10

Thank you Danny,

CommCare App will use this address to communicate with the server.

Right?


(Danny Roberts) #11

Yup, the CommCare App always talks to www.commcarehq.org, which for the time being (and the foreseeable future) is mapped to 100.24.216.221. Keep in mind as we mentioned above that this does change occasionally. For example has changed about twice in the last 4-5 years, though we don’t foresee it changing again anytime soon.

Cheers,
Danny